Privacy Policy & GDPR
Last updated: February 15, 2026
Introduction
Fluffwire respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
What Data We Collect
Account Information
- Email address (for login and account recovery)
- Username (public identifier)
- Display name (optional, shown to other users)
- Profile picture (optional, uploaded by you)
- Password (encrypted with bcrypt, never stored in plain text)
Content You Create
- Messages sent in channels and direct messages
- Files and images you upload
- Reactions and emoji responses
- Servers you create or join, including roles and permissions
Usage Information
- IP address (for security and fraud prevention)
- Device type and browser information
- Login sessions and session tokens
- Online/away status (when you're using the app)
Voice & Video
- Real-time audio/video transmitted during voice calls (peer-to-peer via WebRTC)
- Voice calls are NOT recorded or stored on our servers
How We Use Your Data
- Provide and maintain the Fluffwire service
- Personalize your experience (display name, avatar, settings)
- Send you service-related emails (account verification, password resets)
- Detect and prevent fraud, abuse, and security threats
- Improve and optimize our services
- Comply with legal obligations
Data Retention
We retain your data for as long as your account is active.
When you delete your account, your data is scheduled for permanent deletion within 30 days.
Backup copies may be retained for up to 90 days for disaster recovery purposes.
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to Access & Data Portability
You can request a copy of all your personal data in a machine-readable format (JSON).
How to exercise this right: Go to Settings > Privacy > "Export My Data" to download your complete data export.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your account and all associated data.
How to exercise this right: Go to Settings > Privacy > "Delete My Account". Your account will be scheduled for deletion within 30 days.
Other Rights
- Right to rectify inaccurate data (edit your profile in Settings)
- Right to data portability (included in data export)
- Right to restrict processing (contact us at privacy@fluffwire.com)
- Right to object to processing (contact us at privacy@fluffwire.com)
Data Security
- All data is encrypted in transit using TLS/HTTPS
- Passwords are hashed using bcrypt with salt
- WebSocket connections are secured with WSS (WebSocket Secure)
- Access to your data is restricted to essential services only
Third-Party Services
We use the following third-party services:
- Cloudflare (CDN and DDoS protection) — Privacy Policy
- GitHub (for bug reports when you use the in-app reporter) — Privacy Policy
Contact Us
For any privacy-related questions, data requests, or to exercise your GDPR rights, contact us at:
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through the app.